Secrecy

1
Cryptography

• Secrecy
• Ciphers
• Secret Key Cryptography
• Key Exchange
• Public Key Cryptography
• Digital Signatures
• Internet applications

What does it say?
2
Secrecy

• Scenario Alice wants to send a message
  (plaintext p) to Bob. The communication channel
  is insecure and can be eavesdropped by Trudy. If
  Alice and Bob have previously agreed on an
  encryption scheme (cipher), the message can be
  sent encrypted (ciphertext c)

Issues What is a good cipher? What is the
complexity of encrypting/decrypting? What is the
size of the ciphertext, relative to the
plaintext? If Alice and Bob have never interacted
before, how can they agree on a cipher?
3
Traditional Cryptography

• Ciphers were already studied in ancient times
• Caesars cipher
• replace a with d
• replace b with e
• ...
• replace z with c
• A more general monoalphabetic substitution cipher
  maps each letter to some other letter.

4
Breaking Traditional Cryptography

• Armed with simple statistcal knowledge, Trudy can
  easily break a monalphabetic substitution cypher
• most frequent letters in English e, t, o, a, n,
  i, ...
• most frequent digrams th, in, er, re, an, ...
• most frequent trigrams the, ing, and, ion, ...
• The first description of the frequency analysis
  attack appears in a book written in the 9th
  century by the Arab philosopher al-Kindi

5
Example (S. Singh, The Code Book, 1999)

• Ciphertext
• PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD
  KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL
  PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI,
  KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS,
  KXUYPD 'DJOXL EYPD, ICJ X LBCMKXPV XPV CPO
  PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK
  CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK.
  SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ
  SXGOKLU?'
• OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO
  PYDBLK
• Any Guesses???

6
Frequency Analysis

• Identyfying comon letters, digrams and
  trigrams...
• PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD
  KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL
  PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI,
  KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS,
  KXUYPD 'DJOXL EYPD, X LBCMKXPV XPV CPO PYDBLK Y
  BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL
  XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO
  KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?'
• OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO
  PYDBLK
• First guess LBO is THE

7
Frequency Analysis

• Assuming LBO represents THE we replace L with T,
  B with H, and O with E and get
• PCQ VMJYPD THYK TYSE KHXHJXWXV HXV ZCJPE EYPD
  KHXHJYUXJ THJEE KCPK. CP THE THCMKXPV XPV IYJKT
  PYDHT, QHEP KHO HXV EPVEV THE LXRE CI SX'XJMI,
  KHE JCKE XPV EYKKOV THE DJCMPV ZEICJE HYS,
  KXUYPD 'DJEXT EYPD, ICJ X LHCMKXPV XPV CPE
  PYDHLK Y HXNE ZEEP JEACMPTYPD TC UCM THE
• IXZREK CI FXKL XDEK XPV THE REDEPVK CI
  XPAYEPT EYPDK. SXU Y SXEE KC ZCRV XK TC AJXNE X
  IXNCMJ CI UCMJ SXGEKTU?'
• EFYRCDME, TXREK IJCS THE LHCMKXPV XPV CPE
  PYDBTK
• More guesses?

8
THE SOLUTION

• Code
• X Z A V O I D B Y G E R S P C F H J K L M N Q T U
  W
• A B C D E F G H I J K L M N O P Q R S T U V W X Y
  Z
• Plaintext Now during this time Shahrazad had
  borne King Shahriyar three sons. On the thousand
  and first night, when she had ended the tale of
  Ma'aruf, she rose and kissed the ground before
  him, saying 'Great King, for a thousand and one
  nights I have been recounting to you the fables
  of past ages and the legends of ancient kings.
  May I make so bold as to crave a favour of your
  majesty? Epilogue, Tales from the Thousand and
  One Nights

9
Secret-Key Ciphers

• A secret-key cipher uses a key to encrypt and
  decrypt
• Caesars generalized cypher uses modular addition
  of each character (viewed as an integer) with the
  key
• ci pi k mod m
• pi ci-k mod m
• A more secure scheme is to use modular
  exponentiation to encrypt blocks of characters
  (viewed as integers)
• c i,j p i,jk mod m
• where m is a large prime.

10
Secret-Key Ciphersmade more secure

• Unlike modular addition, modular exponentiation
  is considered computationally infeasible
  (exponential) to invert. Thus, even if Trudy
  guesses a pair (c i,j ,p i,j), (for example,
  she knows the plaintext starts with the words
  Dear Bob) she still cannot compute the key k.
• Alice and Bob need to share only key k. Bob
  decrypts using Eulers Theorem from number
  theory
• pi,j c i,j d mod m
• where d can be easily computed from k and m
  using Euclids gcd algorithm.

11
How to Establish a Shared Key?

• What if Alice and Bob have never met and did not
  agree on a key?
• The Diffie-Hellman key exchange protocol (1976)
  allows strangers to establish a secret shared key
  while communicating over an insecure channel

12
The Diffie-Hellman key exchange

• Alice picks her secret half-key x (a large
  integer) and two large primes m and g. She sends
  to Bob (n, g, gx mod m)
• Even if Trudy intercepts (n, g, gx mod m), she
  cannot figure out x because modular logarithms
  are hard to compute.
• Bob picks his secret half-key y and sends to
  Alice (gy mod m)
• Again, Trudy cannot figure out y.
• The shared key is gxy mod m
• Bob computes it as (gx mod n)y mod m
• Alice computes it as (gy mod m)x mod m

13
Algorithmic Issues(How to do it Fast)

• How can we efficiently compute modular exponents
  for large integers?
• NOTE It is not efficient to compute q gx mod
  m in the obvious way
• p gx
• q a mod m

14
Repeated Squaring Algorithm

• represent x in binary xb-1xb-2 ... x1x0
• repeat b-1 times
• g g2 mod m
• This yields
• p0 g mod m
• p1 g2 mod m
• p2 g4 mod m
• pb-1 g2b-1 mod m for i 0 to b-1
• q qxipi mod m
• The number of arithmetic operations performed is
  proportional to log x

15
The Woman-in-the-Middle Attack

• Trudy can fool Alice and Bob to share a secret
  key with her
• How?

16
Public Key Ciphers how to

• A pair of keys is used (e,d)
• Key e is made public and is used to encrypt
• Key d is kept private and is used to decrypt
• RSA, by Rivest, Shamir, Adleman (1978) is the
  most popular pubkic key cipher
• select a pair of large primes, p and q
• let e pq be the public key
• define ?(e ) (p-1)(q-1)
• let d be the private key, where 3dmod ?(e) 1
• d is the inverse of 3 mod ?(e )
• encrypt x with c x3mod e
• decrypt c with x cdmod e
• we have x x3d mod e

17
Public Key Ciphers Conclusions

• RSA is considered secure because the only known
  way to find d from e is to factor e into p and
  q, a problem believed to be computationally hard
• NOTE The RSA patent expired in September 2000

18
Digital Signatures

• Alice sends a message to Bob encrypting it with
  Bobs public key.
• Bob decrypts the message using his private key.
• How can Bob determine that the message received
  was indeed sent by Alice? After all, Trudy also
  knows Bobs public key.

19
Digital Signatures

• Alice can provide a digital signature for the
  message s xd mod e
• If Bob receives both x and s, he computes
• y s3 mod e xd3 mod e x
• Thus, if y x, Bob knows that Alice indeed sent
  x, since she is the only person who can compute s
  from x.
• Also, Alice cannot cheat and deny to have sent
  message x (nonrepudiation).
• Using digital signatures, Alice and Bob can
  authenticate each other and prevent Trudys
  woman-in-the-middle attacks
• Validating a signed message requires knowledge of
  the other partys public key.

20
Internet Security

• Recall that validating a signature requires
  knowledge of the other partys public key
• How do we know other peoples public keys?
• Certification Authorities (e.g., Verisign)
  provide certificates that bind identities to
  public keys
• A certificate is a pair (id, key) signed by the
  CA
• A user needs to know only the public key of the CA

21
Internet Security

• Some secret-key ciphers (triple DES, IDEA,
  BLOWFISH) are much faster than RSA
• To communicate securely, a two-phase protocol is
  adopted
• a shared secret key k is established using RSA
• data is transfered between the parties using a
  secret-key cipher and the shared key k
• Examples
• SSH (secure shell) for secure host login
• SSL (secure socket layer) for secure Web access
  (https), which uses an additional certification
  phase